DDoS attack detection approach using an efficient cluster analysis in large data scale
| Field | Value |
| --- | --- |
| Title | DDoS attack detection approach using an efficient cluster analysis in large data scale |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Bhaya, W., EbadyManaa, M. |
| Conference Name | 2017 Annual Conference on New Trends in Information Communications Technology Applications (NTICT) |
| Publisher | IEEE |
| ISBN Number | 978-1-5386-2962-8 |
| Keywords | CAIDA2007 datasets, CAIDA2008 datasets, cluster analysis, clustering, Clustering algorithms, clustering using representative, composability, Computer crime, computer network security, congestion-based attack, CURE, DARPA2000 datasets, data mining, DDoS attack detection, detection rate, Distributed Denial of Service (DDoS), distributed denial of service attack, Entropy, F measure, false alarm rate, flooding attack packets, genuine network flow identification, host-based resources, Human Behavior, Intrusion detection, intrusion detection system, large data scale, legitimate users, Metrics, network resources, Network security, packets windowing, pattern clustering, Phi coefficient, pubcrawl, Resiliency, resource allocation, Shape, unsupervised data mining, Wireless sensor networks |
| Abstract | Distributed Denial of Service (DDoS) attack is a congestion-based attack that makes both the network and host-based resources unavailable for legitimate users, sending flooding attack packets to the victim's resources. The non-existence of predefined rules to correctly identify the genuine network flow made the task of DDoS attack detection very difficult. In this paper, a combination of unsupervised data mining techniques as an intrusion detection system is introduced. The entropy concept in terms of windowing the incoming packets is applied with a data mining technique using Clustering Using Representatives (CURE) as cluster analysis to detect the DDoS attack in network flow. The data is mainly collected from the DARPA2000, CAIDA2007 and CAIDA2008 datasets. The proposed approach has been evaluated and compared with several existing approaches in terms of accuracy, false alarm rate, detection rate, F-measure and Phi coefficient. Results indicate the superiority of the proposed approach with four out of five detected phases, more than 99% accuracy rate, 96.29% detection rate, around 0% false alarm rate, 97.98% F-measure, and 97.98% Phi coefficient. |
| URL | https://ieeexplore.ieee.org/document/7976110 |
| DOI | 10.1109/NTICT.2017.7976110 |
| Citation Key | bhaya_ddos_2017 |